Other articles in this series:

Freenode IRC operators now engaging in routine abuses of power

There have been several allegations of this since the handover of the Freenode infrastructure to its new custodians, but I can now provide a first-hand account of one incident — because I am the victim of it.

A channel which I registered, ##hntop, has been taken over by Andrew Lee (rasengan) without my knowledge or consent.

Timeline.

Conclusions. In other words, it appears that a Freenode services admin, presumably rasengan,

##hntop on Freenode is no longer being served by the true bot, egobot, and the codebase which powers it, which uses the HN API and its Server-Sent Events support to announce new entries on the HN front page the very instant they reach it, no polling needed. If the log above is to be believed, humblebot is probably just some RSS feed, a pale imitation. The true egobot is found now only on Liberachat, in ##hntop.

(It's rather ironic that I named my bot egobot (really, E-Go-Bot, since it's written in Go) and Lee the converse, given that this seems rather the reverse of reality.)

Important safety advice for Freenode users

Advice for all users. Being that the Freenode infrastructure is now clearly under the control of an abusive power, I'd like to note that while I do not know this to be the case, there's a serious risk or really even a likelihood that Freenode PMs will come under surveillance. I base this both on the above, on the other reports of abuses of power which have been made, and on private sources which I cannot disclose for their own protection, and what all of those say about the attitude of Freenode's new custodians. In my view this risk is sufficiently high that the only reasonable course of action at this point is to assume out of caution that all Freenode PMs are tapped.

This works to your benefit even if it ultimately turns out that they aren't; if you simply assume Freenode PMs are compromised as a communications channel, no harm will befall you even if this turns out to be wrong. Of course, IRC PMs are not E2E encrypted and in reality, nobody should be trusting in their security — but having used IRC, I know that people communicate confidential information via PMs due to their convenience rather more than they should.

For this reason, in the abundance of caution I would suggest people adopt a simple operational policy: Do not use Freenode PMs for any purpose whatsoever. The reason I suggest this is because often, people will start a conversation in PMs about something which is not at all sensitive; they might think therefore that they don't need a secure channel, and reach for the easy, convenient option; but as human conversation flows naturally, discussion will often turn to something more sensitive. Vanishingly few people will take this moment to do the socially weird thing of insisting on stopping the conversation and arranging a secure channel, so one essentially fools oneself into discussing sensitive matters over an insecure channel.

To work around this, I suggest adopting a simple protocol of never using Freenode PMs for any conversation at all. This protocol is both easy and convenient; if you want to talk to someone, you can simply PM them on another IRC network, since most people are connected to more than one network. If you don't know whether they're on another network, simply ask. This gets your mind out of the trap of thinking “oh, this conversation isn't sensitive”; by setting an indiscriminate “no Freenode PMs at all” rule inside your own head, you avoid accidentially socially engineering yourself into having sensitive conversations over Freenode PMs.

Advice for all channel founders. The above clearly demonstrates that the new custodians of Freenode will have no regard for your channel if you displease them. Quite simply, move to a new network as a matter of urgency — any network. I have been moving my own channels to Liberachat, though I make no specific endorsement of any network.

When moving, there is now even a real possibility that the new Freenode staff will try to cover up the move and essentially create a “counterfeit” channel in the place of the old one, even if you keep it registered. You may wish to warn your channel's users of this and to be wary of it.

Bootnote

Since this was about to make the HN front page, I rejoined Freenode ##hntop, so that I could watch Andrew Lee get owned by his own bot:

[Screenshot of an IRC client showing ##hntop announcing this article; then the bot suddenly quits]
Whoops!

Other articles in this series: